const express = require(`express`);
const db_query = require('../../utils/db_query');
const db = require('../../utils/db_connect');
const router = express.Router();
const xss = require('xss');

let myxss = new xss.FilterXSS({
    whiteList: {
        a: ["href", "title", "target"],
    },
});
// 以后直接调用 myxss.process() 来处理即可
// html = myxss.process('<script>alert("xss");</script>');

router.get('/member/list',(req,res)=>{

    let roleArr = ['1','2']
    if(!roleArr.includes(req.headers.role)){
        res.send({
            code: '401',
            message: '你没有权限访问',
            data: null
        })
        return;
    }

    let { pageIndex, pageSize, keywords } = req.query
    pageIndex = (pageIndex - 1) * pageSize;
    keywords = myxss.process(keywords);
    let sql = "select * from member ";
    let sqlCount = "select count(*) as cou from member ";
    let sqlArr = [];
    let sqlArr2 = [];
    if (keywords) {
        sql += `WHERE wx_name Like "%${keywords}%" `;
        // sqlArr.push(keywords);
        sqlCount += `WHERE wx_name Like "%${keywords}%" `;
        // sqlArr2=[keywords]
    }
    if (pageIndex) {
        sql += `ORDER BY member.id asc LIMIT ?,?`;
        // sqlArr.push(pageIndex);
        // sqlArr.push(pageSize);
        sqlArr = [pageIndex,pageSize]
    }

    db_query(sqlCount,sqlArr2,res,(err,count)=>{
        if(err) return;
        db_query(sql,sqlArr,res,(error,data)=>{
            if(error) return
            res.send({
                code: '200',
                message: '请求成功',
                data: data,
                count: count[0].cou
            })
        })
    })

})


//新增成员
router.post('/user/save',(req,res)=>{

    let roleArr = ['1','2']
    if(!roleArr.includes(req.headers.role)){
        res.send({
            code: '401',
            message: '你没有权限访问',
            data: null
        })
        return;
    }

    let {wx_name,role_id,role_name,dept_id,dept_name} = req.body;
    wx_name = myxss.process(wx_name);
    role_name = myxss.process(role_name);
    dept_name = myxss.process(dept_name);
    let sql = `INSERT INTO member(wx_name,role_id,role_name,dept_id,dept_name,create_time) values(?,?,?,?,?,now())`;
    let sqlArr = [wx_name,role_id,role_name,dept_id,dept_name]
    db_query(sql,sqlArr,res,(err,data)=>{
        if(err) return;
        res.send({
            code: '200',
            message: '添加成功',
            data: null
        })
    })
})

//删除成员
router.post('/user/delete',(req,res)=>{

    let roleArr = ['1','2']
    if(!roleArr.includes(req.headers.role)){
        res.send({
            code: '401',
            message: '你没有权限访问',
            data: null
        })
        return;
    }

    let {idArr} = req.body;
    let sql = `DELETE FROM member WHERE id in ( ? )`;
    let sqlArr = [idArr]

    db_query(sql,sqlArr,res,(err,data)=>{
        if(err) return;
        res.send({
            code: '200',
            message: '删除成功',
            data: null
        })
    })
})

//修改成员角色
router.post('/user/update_role',(req,res)=>{

    let roleArr = ['1','2']
    if(!roleArr.includes(req.headers.role)){
        res.send({
            code: '401',
            message: '你没有权限访问',
            data: null
        })
        return;
    }

    let {role_id,role_name,id} = req.body;
    let sql = `UPDATE member SET role_id=?,role_name=? WHERE id=?`;
    let sqlArr = [role_id,role_name,id]
    db_query(sql,sqlArr,res,(err,data)=>{
        if(err) return;
        res.send({
            code: '200',
            message: '更新成功',
            data: null
        })
    })
})

module.exports = router




